The General Data Privacy Regulation (GDPR – the EU’s strict new data privacy regulation) is here, and it’s estimated that 80% of companies have yet to move past the assessment phase into the execution phase. Most companies are non-compliant. Although the risk of being fined by the EU is relatively low for companies outside the EU, the risk of data breaches, and of simply being a poor steward of your employees’ data privacy, is quite real. Manually managing GDPR will become a significant burden on HR teams; therefore, technology solutions will make a big difference.
Once past the assessment phase of knowing where employee data are stored, who has access, how they are shared, and understanding what internal processes must be in place to keep them safe, HR is often still left to comply manually with GDPR requirements. This leaves already busy HR teams to take on additional time-consuming processes to keep up with demands from internal and external groups.
How can a company support its HR group so that it can, in turn, support the rest of the company in its growth plans? Data Privacy by Design is an approach that can provide significant advantages to the entire company and replace burdensome manual processes with streamlined and secure technology.
In Part 1 of this series, we discuss how Data Privacy by Design, or building data privacy into a company’s technology, can support HR in its GDPR compliance.
In Part 2, we take a look at some of the GDPR requirements that significantly impact HR teams. These aspects of GDPR will be important to consider before capturing and processing employee and recruiting data. We’ll then review how technology solutions can simplify HR GDPR compliance for each of these requirements.
What is Data Privacy by Design?
Privacy by Design calls for data privacy to be taken into account throughout the whole engineering process. The thinking behind it is that data protection in data processing procedures is best adhered to when it is integrated into the technology and business workflows from the beginning.
Learn More about Data Privacy by Design
https://gdpr-info.eu/issues/privacy-by-design/
https://gdpr-info.eu/art-25-gdpr/
Why is it hard for many companies to implement GDPR? One reason is that data privacy by design has not been at the forefront of their business decision making. Many companies have cobbled together paid and free software systems over time, which do not adhere to data privacy or GDPR principles – they have inefficient workflows, data is not secure and access to it is not closely managed, and their processes for managing international business probably won’t hold up to scrutiny. Companies that are trying to manually comply find GDPR crushing their HR team’s productivity.
This time-management and compliance burden becomes even more obvious once it is tested by Subject Access Requests (SARs), by hiring and growing in new markets, and by the reporting and ongoing requirements of compliance. It’s not uncommon to hear of the HR work of tracking international employees being run in spreadsheets and emails, with zero oversight of which file is where, who has access to any given piece of data, and whether they should have that access at all.
What is a Subject Access Request?
A Subject Access Request, or SAR, is simply a written request made by, or on behalf of, an individual for the personal information that a company has collected and processed about them. Under GDPR, individuals have the right to request this information and are entitled to the results, and the company has an obligation to comply fully within a set period of time. It doesn’t take much imagination to see how onerous it could be to comply with a SAR manually. A technical solution is vastly preferable.
Learn More
https://iapp.org/resources/article/the-eu-general-data-protection-regulation/#A12
Even if you have only a couple of employees overseas, the GDPR requires secure, best-practice, modern technology. Pieced-together systems are often not compliant, especially when employee data are still collected in spreadsheets and shared widely through email or other non-secure channels. Automating, considering data privacy and security by design, and setting up efficient systems are best done before you need them – but now is better than later.
Companies with large budgets can tackle GDPR compliance through expensive custom development to replace or retrofit their existing systems. Many companies with smaller budgets have engineering processes that were not built to GDPR-level data privacy requirements, but the good news is that there are solutions that can make HR’s life significantly easier without tearing out and rebuilding systems.
The Globig Solution
Globig’s GDPR-compliant platform was built from the start with Privacy by Design. Keep your employee data and files secure, give access only to those who need it to do their jobs – including your outside data processors – and generate reports to easily show compliance and respond to SARs.
Want to learn more? Watch our quick video tour to see how Globig’s technology can take the burden of GDPR compliance off HR’s shoulders.
And contact sales@globig.co if you’d like to talk about how Globig can support your company with GDPR and international business expansion.